Tips Tuesday – $30 Million Site, Security Issue on 100 Plugins, Remove This From Your Site

Hello Happy Site Owners!

Tips this week include:

What’s on your site that is out of sight, out of mind until it’s too late
Survey results for helpful Content Update Recovery
100 plugins and 6 million users at risk – except for my clients
Why to make a priority of getting Spectra off your site
Kadence is going all in on AI themes – and why they have to
How 1 gardener is making $30 million

BlogAid Holiday Deals

I’ve got HUGE discounts for you this year on the things you need, including:

DIY SEO course – save $100
Webmaster Training – save $190
Site Audit – save $100
Consults – half off
AI Images for Profit – first month for $1
AI Success Club – 25% off plus $900 worth of bonuses

See the Holiday Deals page for all the details.

And tell your blogger buddies about these deals too!!

BlogAid Happenings

Out of Sight, Out of Mind, Until It’s Too Late

This past week I began to hear clanging in my central air vents when the heat came on.

I called for service and the tech discovered that the switch to turn on the AC in the outside unit was stuck in the On position.

So, every time the heat came on, so did the AC.

And the coils froze over on the inside condensor.

That’s what was causing the clanging.

There was no fail-safe or report that both were on.

You can do the same thing in your car, and it will blow warm air and never warn you that you also have the AC on, at least in older cars. Maybe newer ones have some sort of reporting to warn you.

I’m just glad that there was no real damage done, and that the AC switch was still under warranty, so it wasn’t an expensive repair. But it certainly could have been had we not caught it early..

And now the air the unit is blowing is a lot hotter and doesn’t have to stay on as long to warm the place up either.

Images Piling Up

I’m telling you this story because something similar is happening on a new site audit client’s site with her images.

Years ago there was some problem with her images. And someone suggested installing a plugin I’ve never heard of to fix it.

During the audit, I found a gazillion loose images in the Uploads folder, all with odd names. There weren’t like the typical file names from the extra thumbnails that WP creates, or the file names from image optimizer plugins.

We’re still sorting out what’s going on with it and the best way to clean up that mess and actually fix whatever was original wrong with the images.

And we need to get this fixed before we can migrate to better hosting because the disk space all these extra images are using is HUGE. And we don’t want her to have to pay more for a bigger hosting package just to store all that mess.

This is exactly why I tell y’all not to use image optimization plugins.

WP makes 3 thumbnails of every image. So when you upload an image, you are actually storing 4 of them.

And then the image optimizer creates 4 optimized copies.

So, you just doubled the number of images you’re storing on your disk at the hosting.

The same sort of thing happens when you choose to use WebP images.

Because every browser on the planet still does not support WebP, it has to create fallback versions of .jpg or .png. So again, you’re at least doubling the number of images stored on your disk space.

And just like there was no warning with the heat and AC running at the same time, you’ll never know that you’re running out of disk space until your backups can’t run because they don’t have the room, or your host contacts you to buy a bigger hosting package because you’re out of space.

Get Your Site Clean and Fast

This is why you get an audit.

This is why you don’t listen to advice from non-techie bloggers.

In fact, blogger groups are where the worst website advice you’ll ever get comes from.

I’ve made a living for 2 decades cleaning up the messes made from what non-techie bloggers and non-techie affiliate sales people suggest you do.

And now I make a living doing quick audit checkups for my long-term clients.

Now that we have everything all cleaned up and secure and speedy, it’s cheap and easy to keep their sites that way.

Site Services Update

December is a heavy month of site audit checkups for me. And I’m working my way through the wait list, which is running about 2 weeks for any new requests.

If you have an audit checkup due in January, now is the time to put in that request.

Consults are still running on demand.

SEO Tips

Survey Results for Helpful Content Update Recovery

I was a little shocked by the results of the survey I sent to my DIY SEO course members last week.

The participation percentage was very low.

But of those who did respond, most all said they did not lose traffic from the multiple rounds of Google updates this fall, including the Helpful Content Update.

I’m thrilled for them.

But I’m also confused because that does not jive with what I’ve heard in general from both clients and non-clients.

So, either those folks who did get hit are not in the DIY SEO course, or they didn’t participate in the survey.

Most all of the respondents said that they want to wait until after the holidays to start the DIY SEO workshops. So, that’s what we’ll do.

I’ve already got our Quick Start checks ready and we’ll begin those the first week of January.

And then we’ll do our Technical SEO workshop.

And then we’ll dive into the new tutorials that I originally made for the Helpful Content Update Recovery, but will be slightly revising for general purpose use.

They will help you see exactly which posts have gained or lost ranking and clicks. And they will help you be certain that any traffic loss or gain is from Google or elsewhere.

If you are not already in the course, be sure to get in on the holiday deal that’s running right now and save some serious bucks!

Security Tips

100 Plugins and 6 Million Users at Risk

Wordfence just found 100 plugins at risk of a cross-site scripting security issue due to the plugin having a shortcode feature.

Over 6 million installs of these plugins are affected.

Folks, I know all of the security measures that me and the host insist on having can be a pain in the butt sometimes to keep your IP or VPN addresses updated.

But, those OWASP settings both at Cloudflare and with ModSecurity fully on at your hosting are what keep you protected when issues like this pop up.

Cross-site scripting errors are, by far, the most common security issue in plugins, themes, and even WordPress.

The extra security my clients have keeps them protected until the plugins can be updated.

And all without the need for those behemoth security plugins that don’t catch quite as much as they should, or they chew up more resources doing so.

Plugin Tips

Get Spectra Off Your Site

I’m just sick about this.

Astra looked like the perfect theme and set of blocks for us when it first came out a few years ago.

But what they have shown us over and over again is that they intend to stay bleeding edge.

They do things that are too far ahead of WP native support. And it breaks things.

When WP natively can do those things, then Astra/Spectra deprecates their special ways of doing it, and that breaks things.

I’ve been advising all of my clients to switch from Spectra blocks to Kadence Blocks. And if they can, switch from the Astra/Spectra theme to a Kadence theme too.

But, I’m a little wary of what Kadence themes has planned and I’ll tell you more about that in a moment.

Back to the plugins.

I used the UAG (Ultimate Addons for Gutenberg) plugin, now called Spectra Blocks, extensively on my sites.

More than once I have seriously considered hiring someone to change them all over to Kadence Blocks.

But, I knew that I also wanted to update all of the content on the pages where it was used. And I wanted to delete a bunch of old posts.

So, this past week I’ve been spending all of my spare time making those changes.

It’s slow and boring work. But I’m making good progress on all fronts.

I have multiple sites, so this is going to take a while. But I’m going to stay with it until they are all done.

I just can’t justify using something that has such a high break potential anymore.

Theme Tips

Kadence Going All In on AI Themes

It looks like Kadence is going to try to position itself at the top of the AI website builder market.

I hate that.

But they have to do it or risk becoming obsolete.

AI is the way all of this is going – and I have profound security and privacy concerns about it.

Tips Tuesday Plus subscribers have seen first-hand examples of the issues with using AI in WordPress.

And none of those issues seem to concern plugin or theme devs.

So, we are in a bit of a “wait and see” limbo right now until Kadence fully releases what they’ve been working on.

I can tell you the first beta was frought with issues and not at all ready for production.

In fact, the beta tester thingy didn’t even work well.

We’ll see what this next beta has in it.

My hope is that they will have a core framework that doesn’t have AI, like they have now.

And then they’ll have separate starter themes that do have AI if you want it.

We’ll see.

But for now, it’s safe to switch to Kadence.

Monetization Tips

How 1 Gardener is Making $30 Million

If you blog for ad revenue, you need to see this post, no matter what niche you are in.

The PublishPress just released their top picks for the best creators of 2023.

In this post, they highlight Kevin Espiritu of Epic Gardening.

10 years ago he started a blog and then bought another one that gave him ad revenue income.

He used that money to seed the rest of his business, literally, with buying a seed packet company.

His real growth came from his down-to-earth YouTube channel that focuses on gardening and homesteading. He grew his loyal audience to 8 million subscribers.

And the majority of his income is no longer from his blogs or ads.

He makes the most money from product sales.

I hope this inspires you to move on from blogging for ads because it is the hardest and slowest way to make money.

You NEED to do whatever it takes to cultivate a loyal following.

And then monetize that audience with products that you believe in and that help them.

And do what Kevin says do – hire folks to help you run things so you can stay focused on your audience.

That’s what will get and keep you in the money.

Real people helping real people is what it’s all about.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.